System.DirectoryServices Namespace

The System.DirectoryServices namespace provides easy access to Active Directory Domain Services from managed code. The namespace contains two component classes, DirectoryEntry and DirectorySearcher, which use the Active Directory Services Interfaces (ADSI) technology. ADSI is the set of interfaces that Microsoft provides as a flexible tool for working with a variety of network providers. ADSI gives the administrator the ability to locate and manage resources on a network with relative ease, regardless of the size of the network.

The classes in this namespace can be used with any of the Active Directory Domain Services service providers. The current providers are: Internet Information Services (IIS), Lightweight Directory Access Protocol (LDAP), Novell NetWare Directory Service (NDS), and WinNT.

ADSI is a programmatic interface for Microsoft Active Directory Domain Services that enables your applications to interact with diverse directories on a network using a single interface. Using ADSI, you can create applications that perform common tasks, such as backing up databases, accessing printers, and administering user accounts.

Active Directory Domain Services use a tree structure. Each node in the tree contains a set of properties. Use this namespace to traverse, search, and modify the tree, and read and write to the properties of a node.

The DirectoryEntry class encapsulates a node or object in the Active Directory Domain Services hierarchy. Use this class for binding to objects, reading properties, and updating attributes. Together with helper classes, DirectoryEntry provides support for life-cycle management and navigation methods, including creating, deleting, renaming, moving a child node, and enumerating children.

Use the DirectorySearcher class to perform queries against the Active Directory Domain Services hierarchy. LDAP is the only system-supplied Active Directory Service Interfaces (ADSI) provider that supports searching.

The DeleteTreeAccessRule class represents a specific type of access rule that is used to allow or deny an Active Directory Domain Services object the right to delete all child objects, regardless of the permissions that the child objects have.

The DirectoryEntryConfiguration class provides a direct way to specify and obtain provider-specific options for manipulating a directory object. Typically, the options apply to search operations of the underlying directory store. The supported options are provider-specific.

The DirectoryVirtualListView class specifies how to conduct a virtual list view search. A virtual list view search enables users to view search results as address-book style virtual list views. It is specifically designed for very large result sets. Search data is retrieved in contiguous subsets of a sorted directory search.

Represents a specific type of access rule that is used to allow or deny an Active Directory object an extended right. Extended rights are special operations that are not covered by the standard set of access rights. An example of an extended right is Send-As, which gives a user the right to send e-mail for another user. For a list of possible extended rights, see the topic Extended Rights in the MSDN Library at http://msdn.microsoft.com/library. For more information about extended rights, see the topic Control Access Rights, also in the MSDN Library.

The AuthenticationTypes enumeration specifies the types of authentication used in System.DirectoryServices. This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.

The DirectoryServicesPermissionAccess enumeration defines access levels that are used by System.DirectoryServices permission classes. This enumeration has a FlagsAttribute attribute that allows a bitwise combination of its member values.